WCS and Guest account / limited usage web authentication

Similar Messages

• RADIUS and Guest accounts

  I have a Mac Pro OSX server 10.6 (OD Master) and RADIUS enabled for my (older) Airport station.
  Macbooks login to the domain, no problems so far.
  Now and then a (Windows) Guest (not a member of our domain) walks in and wants to surf the web.
  Is something like that possible?
  I configured a GUEST computer and Guest account in WM and guests can surf the web when connected to our switch by cable.
  Allowed user for RADIUS Service = 'All users and groups' but I can't get wireless connection going

  What would be the best way to take care of guest access?
  If I were designing this with the budget for the gear, I'd have an external firewall, and with subnet capabilities established via the firewall/router, or via a managed switch and virtual LANs. Subnets for your stuff, and a subnet for the guests. The WiFi would be connected in the guest subnet.
  Some firewalls have DMZ capabilities (which are typically implemented as subnets), and that would be applicable here.
  Best case, you're looking to keep the IP traffic separate.
  Local preference is to avoid running servers as firewalls.
  Options can include commercial firewalls, and open-source options built on double-NIC x86 boxes and packages such as pfSense, M0n0wall or Smoothwall.
  If you have two public static IP addresses and a somewhat restricted budget, an unmanaged switch out front (between your firewall and your ISP connection) will give you a spot to connect your WiFi device. Otherwise, you need a firewall/router with three ports: ISP, private LAN, guest WiFi. And rules to keep the guest LAN from accessing the private LAN.
  Nothing precludes running two WiFi devices in proximity, so long as they're preferably three WiFi channels apart.
  You may (will?) want to have some baseline access controls, lest some malware start up a spamming run from your guest network, or some drive-by war-driver starts messing around with your open LAN.
  Higher-end WiFi devices (check Ruckus Wireless WiFi gear, and I'd be surprised if Cisco WiFi gear couldn't) can implement this for you, but those tend to be expensive.
  And FWIW, local preference is to run WiFi as access points; as APs. (Apple calls this Bridged Mode.) That way, the network services are acquired from servers "behind" the WiFi devices.

• Admin and Guest account internet

  Hello,
  I have a little bit of a problem. I have two accounts; one is an Admin account and the other one is a Guest account. When I use the Admin account, I can connect to the internet with no problems. But when I use the Guest account, I can't connect to the internet. The Admin and Guest accounts are connected to same network.

  You should not be using the Guest account. The Guest account is a limited system account intended for users who log into your computer from a remote connection. The only account with which you will get Internet access is your Admin account.

• Disabling Right Click Menus for Network Magic's System Tray Icons for Standard and Guest Accounts

  OK, so I want to know how to disable the right click menus for Network Magic's system tray icons only for Vista's standard and Guest accounts?   I don't want other users signed in as a Standard account or guest account having the ability to disable the system tray icons for network magic.

  Hi, currently it's not possible to disable NM from being accessed by a Limited user account, but that is a good idea.
  My Cisco Network Magic Configuration:
  Router: D-Link WBR-2310 A1 FW:1.04, connected to Comcast High Speed Internet
  Desktop, iMac: NM is on the Windows Partition, using Boot camp to access Windows, Windows 7 Pro 32-bit RTM, Broadcom Wireless N Card, McAfee Personal Firewall 2009,
  Mac Partition of the iMac is using Mac OS X 10.6.1 Snow Leopard
  Laptop: Windows XP Pro SP3, Intel PRO/Wireless 2200BG, McAfee Personal Firewall 2008
  Please note that though I am a beta tester for Network Magic, I am not a employee of Linksys/Cisco and am volunteering my time here to help other NM users.

• TS3714 How can i restore or retrieve my calendar inputs that disappeared when i tried to sync it to my internet accounts?? I didnt find it on my yahoo and gmail accounts on thw web. Pls help me

  How can i restore or retrieve my calendar inputs that disappeared when i tried to sync it to my internet accounts?? I didnt find it on my yahoo and gmail accounts on thw web. Pls help me

  You don’t need to do that. Click here and follow the instructions, or if they don't cover the type of adware on the computer, these ones. If you're willing to download software to resolve this issue(you don't need to, but may find it easier), you can instead run Adware Medic; this link is a direct download.
  (117389)

• Guest account password / DBMS user authentication synchronization

  Selected option IFS user must exist in the database as an account.
  On my next restart of IFS, node fails to init and complains that it can't find guest account in DBMS to authenticate.
  5/27/02 10:30 AM FtpServer: oracle.ifs.common.IfsException
  oracle.ifs.common.IfsException: IFS-21008: Unable to connect to iFS service
  oracle.ifs.common.IfsException: IFS-10151: Unable to perform authentication
  oracle.ifs.common.IfsException: IFS-10175: No such RDBMS user (guest)
       at oracle.ifs.server.IfsCredentialManager.authenticate(IfsCredentialManager.java:258)
       at oracle.ifs.server.DirectoryService.authenticate(DirectoryService.java:527)
       at oracle.ifs.server.S_LibraryService.connect(S_LibraryService.java:2495)
       at oracle.ifs.beans.LibraryService.connect(LibraryService.java:977)
       at oracle.ifs.protocols.common.IfsProtocolServer.createAnonymousSession(IfsProtocolServer.java:1382)
       at oracle.ifs.protocols.common.IfsProtocolServer.getAnonymousSession(IfsProtocolServer.java, Compiled Code)
       at oracle.ifs.protocols.common.IfsProtocolServer.initializeAnonymousSessionPool(IfsProtocolServer.java, Compiled Code)
       at oracle.ifs.protocols.common.IfsProtocolServer.preRun(IfsProtocolServer.java:553)
       at oracle.ifs.management.domain.IfsServer$ServerRunner.run(IfsServer.java:2123)
  I then create a DBMS user with guest account and the default password.
  Node looks like it starts up fine, but still can't get into WebUI.
  JServ.log
  [27/05/2002 10:14:31:651 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: NodeManager: Initialize: complete
  [27/05/2002 10:14:31:681 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: ServiceWarmupAgent: Starting
  [27/05/2002 10:14:31:771 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: ServiceWarmupAgent: Started
  [27/05/2002 10:14:31:771 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: ServiceWarmupAgent: Starting
  [27/05/2002 10:14:31:811 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: ServiceWarmupAgent: Service warmup starting
  [27/05/2002 10:14:35:346 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: ServiceWarmupAgent: set administration mode
  [27/05/2002 10:14:35:346 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: ServiceWarmupAgent: warming up user cache
  [27/05/2002 10:14:35:476 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: ServiceWarmupAgent: warming up Acl cache
  [27/05/2002 10:14:38:040 EDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: DavServer: Got Exception in preRun()
  oracle.ifs.protocols.dav.impl.common.TunneledIfsException
       at oracle.ifs.protocols.dav.impl.IfsDavServlet.start(IfsDavServlet.java:414)
       at oracle.ifs.protocols.dav.impl.server.IfsServletServer.preRun(IfsServletServer.java, Compiled Code)
       at oracle.ifs.management.domain.IfsServer$ServerRunner.run(IfsServer.java:2123)
  Is this a bug? Any suggestions?
  Before I blow away my entire instance and start over, how can I change the default guest password to map between DBMS and IFS?
  Thanks.

  I was trying to diagnose a problem with Oracle Text and context searching, and then when I cycled IFS, I could no longer get the web interface. I got the same error you got!
  [06/06/2002 09:32:38:622 CDT] files/oracle.ifs.protocols.dav.impl.IfsDavServlet: DavServer: Got Exception in preRun()
  oracle.ifs.protocols.dav.impl.common.TunneledIfsException
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at javax.servlet.ServletException.<init>(ServletException.java:48)
  at oracle.ifs.protocols.dav.impl.common.TunneledIfsException.<init>(TunneledIfsException.java:29)
  at oracle.ifs.protocols.dav.impl.IfsDavServlet.start(IfsDavServlet.java:414)
  at oracle.ifs.protocols.dav.impl.server.IfsServletServer$ServletEntry.start(IfsServletServer.java:626)
  at oracle.ifs.protocols.dav.impl.server.IfsServletServer$ServletEntry.access$1(Compiled Code)
  at oracle.ifs.protocols.dav.impl.server.IfsServletServer.preRun(Compiled Code)
  at oracle.ifs.management.domain.IfsServer$ServerRunner.run(IfsServer.java:2123)
  If you figure out how to fix this, please update this thread or email me at [email protected]

• WCS expiring guest accounts early

  Hi Folks, We've had a number of reports from our Service Desk (who create the guest accounts for us) that they've been getting users who have long-term accounts (90days) expire early.
  I've taken a look at the settings and sure enough, today there are accounts on WCS that are showing as expired but have a long life time.
  Example:
  User(x) created on 13th July with an expiry of the 15th Sept
  User(y) created on 12th July with an expiry of the 12th Oct
  This is only a couple listed here but the problem seems to be widespread accross long-life accounts. I've checked the clocks and they're all synced between WCS and the WLC's, when accounts are created they are done through WCS and pushed down to the single mobility anchor (our topology is 6 WLC's split over 2 sites, with a 7th WLC for MA with a toe in the internet DMZ)
  We're running 7.0.172.0 of WCS and 7.0.116.0 on all the WLC's I think the problem has started to occur as it's really only now that we're using longer life-time accounts in anger. 
  Originally the accounts were being deleted by the cleaner process, so it just looked like the accounts were disappearing - we've stopped this and now it just shows that they expire.
  Any suggestions that you can give as to why this might be occuring would be great!  Unfortunaly we can't create 'unlimited' accounts as our policy is that they should have a lifetime of no more than 3 months, so the overhead on monitoring would be too big - so there has to be an automated process.
  Thanks in advance!
  Kev

  I upgraded to WLC 7.0.235.0 and WCS 7.0.230.0 and am still getting users complaining about their accounts expiring early.  Someone please correct me if I have misread something but the WCS is suppose to check the account every so often and re-provision the account based on the expire date set?  We setup our users with 90day accounts that is pushed to two 5508 controllers running the code above, the process works well but the expiration of accounts has become a issue.  Anyone know if the bug was truly fixed in 7.0.235 code or do I need to set the lifetime of the account lower.      

• NTFS and Guest account

  Using NTFS on Win2000 iFS1.1.
  If the user does not have an account, they get the default guest user. I see in Setup and Admin guide that SMB def has a parameter of AllowGuestIfNotUser. I see no such parameter in the NTFS sever def file. Is there another way deny access to the guest other than removeing the guest account? Will it cause problems if I remove the guest account?

  Replying to self...
  Well after hours of experimenting and talking to tech support, I have this working.
  I have all features working as advertised using the web interface (not the connect program), I have dual SSID's (not hidden) for each band with different passwords, mac address filtering, port forwarding, blah blah blah and the guest account!!!.
  The main issue I found was if I tried changing the default ip pool from the 192.168.1.x to something else, then the guest account would stop working as well as some other routing issue occured.
  I had to renumber 5 machines out of my previously registered space, but it was worth the effort. I have 2 MAC's, 2 Airports, 1 Ubuntu PC, 4 windows (G,N and GE physical), 1 Wii, 1 XBoX 360 and a media WHS all connected and working great.
  I am sure Cisco/Linksys will release firmware to get rid of this issue and some other nusances, but overall I am impressed with this router.

• E3000 and guest account problems

  I will add ot the E3000 funkiness, I have reset my router 6 times now trying to get the right combination of settings.
  What I am attemtping to do is simply change my SSID to my personal one and still have the guest account work. I change my SSID and ip address space (many devices in the house with static IP's for my personal /24, I don't want to change).
  When I do these two things only, nothing else, the guest feature no longer works. I get a 192.x address, gateway and DNS look fine via the DHCP assignment, but routing is not working, can't ping the gateway and I od course do not get any Cisco password login.
  If I completely reset my E3000 and make no changes to IP space everything works fine.
  Ideas, thoughts?
  +eb0

  Replying to self...
  Well after hours of experimenting and talking to tech support, I have this working.
  I have all features working as advertised using the web interface (not the connect program), I have dual SSID's (not hidden) for each band with different passwords, mac address filtering, port forwarding, blah blah blah and the guest account!!!.
  The main issue I found was if I tried changing the default ip pool from the 192.168.1.x to something else, then the guest account would stop working as well as some other routing issue occured.
  I had to renumber 5 machines out of my previously registered space, but it was worth the effort. I have 2 MAC's, 2 Airports, 1 Ubuntu PC, 4 windows (G,N and GE physical), 1 Wii, 1 XBoX 360 and a media WHS all connected and working great.
  I am sure Cisco/Linksys will release firmware to get rid of this issue and some other nusances, but overall I am impressed with this router.

• WCS and Guest IP addresses

  Hi,
  I have both corporate and guest WLANs available, the corporate infrastructure is 2 x WiSM modules with guest access via a 4402 anchort point controller.  When I view client connections in WCS, I see the DHCP address all corporate users have been allocated, but all guest users show up with IP address 0.0.0.0.  The guest users are allocated a DHCP address via a local pool defined on the anchor point controller.
  Is there any way I can see the IP address of each guest user?
  Many thanks
  Liam

  Hi,
  Clients get DHCP adderss no problem from local pool configured on anchor point controller.  The issue I am facing is that this IP information is not tunnelled through to WiSM module - if I check client details on anchor controller, it shows the IP address allocated to each user.  When I check same info on WiSM controller, it shows every IP address for guest access user as 0.0.0.0.
  For reporting and troubleshooting purposes I am wondering if the correct IP information can be shown.
  Regards
  Liam

• ITunes and Guest Account (OS X 10.5)

  Is there away to allow access to my iTunes library from the Guest Account?
  I'm having some friends round in a few days time and would prefer to have my computer on the Guest Account so that they can't change any of my settings or mess about with any of my work, but we'll want access to my iTunes library so that we can have some music on.

  You can either go into your iTunes preferences and Share the library (and turn on look for Shared Libraries in the guest account) OR you'll have to move your iTunes Music Folder to the Shared folder on your drive so that they can access it from the other account.

• Guest Parameter for Web Authentication

  Hi Forum,
  Just to find out a little more detail in regards to the guest account created for web authentication using Ambassador account.
  1) If the authenticated guest did not perform a proper logout, what action will the WLC take?
  2) As such, is there any timeout involved?
  Where can i tune the timeout?
  Rdgs,
  Kelvin

  Hi I just wanted to add what I have found regarding WCS and the guest feature.
  -There are two ways to configure a "local net user". The first is a static guest ID that has the "guest" flag off. This means that the client's session will not timeout. The second is to specify the "guest" user checkbox and give it a timeout value in seconds.
  This should let you control how long a user is logged in.
  From the WLC login, go to SECURITY --> LOCAL NET USERS --> then click on NEW. From there you can specify a user ID and also set that optional guest user box. If you click on the Guest User box then you will see a timeout field.
  With my guest account set to not be a guest user (no timeout value), I have noticed the following.
  1. If a guest gets disconnected, usually they will reassociate and still be able to log in.
  2. If a guest has problems, I usually tell them to disable their wireless card, close all browser windows, and then reassociate to the network.
  The steps above have worked well for my setup...

• WiSM and GUEST web authentication

  I have a WiSM and we use Cisco open web
  authentication with a user email address.
  When performing  this command via CLI:
  >config network secureweb disable
  >save config
  > reset system
  Will this make the web authentication come up HTTP instead of HTTPS ?

  That command is in order that you manage the unit.
  However there used to be a workaround that when you disable HTTPS and SSH and you reboot the WLC the web authentication will be showed as http and no https.
  Let me know if it works for you

• Guest account on WCS doesn't work as expected

  Hi,
  I have scheduled a guest account on WCS (6.0), valid 180 days, generate password every day and email to myself, and applied to our WLCs( 5.1). The first day, guest account was created on all WLCs, and emailed me the password, worked fine, the second day, I received email with the new password, but the guest account has disappered from  all WLCs, on WCS, this guest account still show as 'Active' but not apply to any WLC.
  Thanks in advance for your help!

  Our WLC version is 5.1.151.0 and WCS version was 6.0.132.0 but I just upgraded it to 6.0.170.0.  Guest Account Sync option is enabled now ( once a day). I think I find something, one is the time on WCS and WLCs was different before (corrected this now), second, the guest account start time and end time was set to same time (1:00 Jan 1, 2010- 1:00 Jul 1, 2010) or from 8:30 Jan 1, 2010 to 8:00 Jul 1, 2010. I thought this time setting is the lifetime of the account, but actually it's the active time of the account on every scheduled day, so I change this to from 1:00 Jan 1, 2010 to 23:00 Jul 1, 2010, So far,it works fine -  this guest account is created at 1:00 and removed at 23:00 everyday.
  By the way, is there any documentation to tell how WCS works with WlC underneath the GUI?
  Thanks for your help!

• ISE Web Authentication with Profile

     Hi,
     I'm using Web Authentication with Cisco ISE 1.2.1 without problems.
     The Cisco ISE didn't find the endpoint in my internal endpoint store and continue with Web Authentication
     But when I enable the PSN with the Profile Server, the Cisco ISE populate dynamically the internal endpoint store and I cannot use
     the Web Authentication cause the endpoint is already in the internal endpoint store.
     What's the better way to solve this problem ?
     Thanks in Advanced
     Andre Gustavo Lomonaco

      Hi Neno, let me clarify my question
      I'm already using my internal endpoints to permit authenticate via MAB my IP Phones, Access Points and Printers.  I'm using Profile to be able to populate this ISE internet database.
      Now imagine that I wanna use the Web Authentication to permit authenticate guest workstations without 802.1x.If the profile put the guest workstation mac in the endpoints database, those workstation always will be authenticate using the MAC authentication and not the Web Authentication. Remember that for the Web authentication works we need to configure the continue options if the mac are not found in the endpoints database. But when the profile is on, the news (guest workstations) macs are inserted in endpoints database before I have chance to use the Web Authentication.